Ransomware variant .bbbb

onexios

Active Member
Joined
Jul 16, 2014
Messages
94
Hello

I am wondering if anyone has come across the variant of ransomware with the extension .bbbb.

If so, was it cleanable, or what steps were taken to deal with this?
Currently cleaned up a machine with this variant; the files are a lost cause.

Though there does not seem to be much information about this variant yet, or it's masking itself as another type.
Not sure.

Any info would be greatly appreciated.
 

WAslayer

Executive Member
Joined
May 13, 2011
Messages
7,261
Maybe try this. If it's disguised as any of the other variants out there, one of these methods may work to decrypt the files. I have been waiting for a chance to try this and have not yet gotten one, and therefore cannot say that this actually works.

https://noransom.kaspersky.com/
 

Praeses

Expert Member
Joined
Oct 29, 2005
Messages
4,888
Hello

I am wondering if anyone has come across the variant of ransomware with the extension .bbbb.

If so, was it cleanable, or what steps were taken to deal with this?
Currently cleaned up a machine with this variant; the files are a lost cause.

Though there does not seem to be much information about this variant yet, or it's masking itself as another type.
Not sure.

Any info would be greatly appreciated.

Upload an infected file to VirusTotal and see if they give any other names to the virus?
 

onexios

Active Member
Joined
Jul 16, 2014
Messages
94
Hello

Thank you for your replies.

This is the info from VirusTotal:

SHA256: 0ca06fe21cf0bbbceb8b04def3ce8a3ab81c90c219821c65d4b36105bd5665e4
File name: ED-vnz-jRG.bbbb
Detection ratio: 0 / 54

File identification
MD5 d4b0ee2bf24b691c0a21fd04bc23cd1a
SHA1 fbd493d3f463f5af7f42f23682a833a2c55562cc
SHA256 0ca06fe21cf0bbbceb8b04def3ce8a3ab81c90c219821c65d4b36105bd5665e4
ssdeep 24576:/ylJAzGuUk/Vwbp5r1cb5YtjVwrFwhb4HItSgvriQ71cf8fSy:mJ+GuUUVO5mCLwBwF4otpvrN7qy

File size 1.3 MB ( 1396353 bytes )
File type PDF
Magic literal PDF document, version 1.4
TrID Adobe Portable Document Format (100.0%)
Tags pdf invalid-xref

VirusTotal metadata
First submission 2016-10-14 11:33:33 UTC ( 0 minutes ago )
Last submission 2016-10-14 11:33:33 UTC ( 0 minutes ago )
File names ED-vnz-jRG.bbbb

ExifTool file metadata
MIMEType application/pdf
FileType PDF
Linearized No
Warning Invalid xref table
FileTypeExtension pdf
PDFVersion 1.4

Not much useful information; will try a few of these files and see if anything gives.
I do have a copy of these files, some that seem to be PDFs, others ZIP files.

@Waylander are you looking for one of the encrypted files?

@WAslayer will give those tools a try, currently scanning the PC with Kaspersky Rescue Disk. Just in case there is anything left over.
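
Added example, not part of the thread or any poster's code: the VirusTotal report above identifies the renamed file as a PDF 1.4 with an invalid xref table, so this Python script triages `.bbbb` files by content instead of extension (magic bytes, SHA-256, head and tail entropy, PDF trailer present). The function names and both sample files built inside `demo()` are constructed for illustration.

```python
import hashlib
import math
import tempfile
from pathlib import Path

MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip"}  # the two types named in the thread


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 for encrypted data."""
    n = len(data)
    counts = [data.count(bytes([b])) for b in set(data)]
    return -sum(c / n * math.log2(c / n) for c in counts)


def triage(path: Path, window: int = 4096) -> dict:
    """Describe one renamed file by content, ignoring its extension."""
    data = path.read_bytes()
    kind = next((k for m, k in MAGIC.items() if data.startswith(m)), "unknown")
    tail = data[-window:]
    return {
        "name": path.name,
        "sha256": hashlib.sha256(data).hexdigest(),  # identifier for hash lookups
        "size": len(data),
        "magic": kind,
        "head_entropy": round(entropy(data[:window]), 2),
        "tail_entropy": round(entropy(tail), 2),
        # PDF readers locate the xref table through the trailer at end of file
        "pdf_trailer": kind == "pdf" and b"startxref" in tail and b"%%EOF" in tail,
    }


def demo() -> list:
    """Run triage over two constructed samples (not files from the thread)."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    intact = (b"%PDF-1.4\n" + b"1 0 obj\n<< /Type /Catalog >>\nendobj\n" * 100
              + b"xref\n0 1\ntrailer\n<< >>\nstartxref\n9\n%%EOF\n")
    with tempfile.TemporaryDirectory() as tmp:
        damaged = Path(tmp, "sample-damaged.bbbb")
        damaged.write_bytes(b"%PDF-1.4\n" + noise)  # header kept, rest unreadable
        clean = Path(tmp, "sample-intact.pdf")
        clean.write_bytes(intact)
        return [triage(p) for p in (damaged, clean)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

A file whose magic still matches but whose tail is near 8 bits per byte with no trailer fits the `invalid-xref` tag in the report; the result describes the file's state and says nothing about whether it can be recovered.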
 

onexios

Active Member
Joined
Jul 16, 2014
Messages
94
Hi, I have found this is a variant of the Cerber ransomware. No decryption is available for the new variants, only for the first variant, from the Trend Micro ransomware removal tool.
 